Merge branch 'main' of https://gitea.lyc-lecastel.fr/alhassane.kone/siotp
This commit is contained in:
		
							
								
								
									
										8
									
								
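--- /dev/null
+++ b/sio2/CYBER/IDS/aide
@@ -0,0 +1,8 @@
+#!/bin/bash
+aideinit  #initialisation
+/etc/cron.daily/aide  # on lance aide pour vérifier
+more /var/log/aide/aide.log  # on affiche le compte-rendu : pas de changements
+touch /etc/truc # on créée un fichier
+echo  "#########" >> /etc/hosts # on en modifie un autre
+/etc/cron.daily/aide  # on vérifie à nouveau
+more /var/log/aide/aide.log  # on constate les changements survenus ...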
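Review bot: The two tampering steps (`touch /etc/truc` and the append to `/etc/hosts`) are never reverted and the baseline is never accepted, so after this demo every subsequent daily AIDE run on the host keeps reporting the same two changes and the extra line stays in `/etc/hosts`. For a repeatable lab I would back up before tampering and restore at the end, e.g. `cp -p /etc/hosts /root/hosts.orig` before the `echo` and `rm -f /etc/truc; cp -p /root/hosts.orig /etc/hosts` after the last report. The script also has no `set -e`, so a failing `aideinit` (for instance when run without root) is silently followed by the check runs, which then compare against a stale or missing database.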
							
								
								
									
										189
									
								
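--- /dev/null
+++ b/sio2/CYBER/IDS/aide.conf
@@ -0,0 +1,189 @@
+# AIDE conf
+
+# set environment for executable config files included by x_include
+@@x_include_setenv UPAC_settingsd /etc/aide/aide.settings.d
+
+# The daily cron job depends on these paths
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+database_new=file:/var/lib/aide/aide.db.new
+gzip_dbout=yes
+
+# Set to no to disable report_summarize_changes option.
+report_summarize_changes=yes
+
+# Set to no to disable grouping of files in report.
+report_grouped=yes
+
+# Set verbosity of aide run and reports
+log_level=warning
+report_level=changed_attributes
+
+# Set to yes to print the checksums in the report in hex format
+report_base16 = no
+
+# if you want to sacrifice security for speed, remove some of these
+# checksums.
+Checksums = sha256+sha512+haval
+
+# The checksums of the databases to be printed in the report
+# Set to 'E' to disable.
+database_attrs = Checksums
+
+# check permissions, owner, group and file type
+OwnerMode = p+u+g+ftype
+
+# Check size and block count
+Size = s+b
+
+# Files that stay static
+InodeData = OwnerMode+n+i+Size+l+X
+StaticFile = m+c+Checksums
+
+# Files that stay static but are copied to a ram disk on startup
+# (causing different inode)
+RamdiskData = InodeData-i
+
+# Check everything
+Full = InodeData+StaticFile
+
+# Files that change their mtimes or ctimes but not their contents
+VarTime = InodeData+Checksums
+
+# Files that are recreated regularly but do not change their contents
+VarInode = VarTime-i
+
+# Files that change their contents during system operation
+VarFile = OwnerMode+n+l+X
+
+# Directories that change their contents during system operation
+VarDir = OwnerMode+n+i+X
+
+# Directories that are recreated regularly and change their contents
+VarDirInode = OwnerMode+n+X
+
+# Directories that change their mtimes or ctimes but not their contents
+VarDirTime = InodeData
+
+# Logs are special: they are continously written to, may be compressed
+# have their file name changed in different, mutually incompatibly ways
+# and apprear and vanish at will. Handling this is a a complex and error-
+# prone issue.
+#
+# This is best broken down in a number of small tasks:
+#
+#
+# (A)
+# While a live log is being written to, it doesn't change its mode and
+# inode and its size only increases.
+#
+# (B)
+# When a live log is rotated for the first time, it should not change
+# its mode, may change its inode, and its size decreases. The size
+# decrease may not be noticed by aide if the file had size x at the last
+# aide run, was rotated in the mean time and was written to so that it
+# had a size > x at the next aide run.
+#
+# (C)
+# When a log is compressed, this looks to aide like the uncompressed
+# file vanished (or was replaced by another file) and the compressed
+# file appeared out of the blue. There is (currently) no way to
+# associate the (gone) uncompressed file's contents with the (new)
+# compressed file's contents
+#
+# (D)
+# The actual log rotation may rename foo.{x}.bar to foo.{x+1}.bar without
+# changing the other properties of the file
+#
+# (E)
+# If only a given number of log generations is to be kept, foo.{y}.bar may
+# vanish, but usually only when no foo.{z}.bar exists for z>y.
+#
+# (F)
+# The set of files foo.{x}.bar to foo.{y}.bar is called a "log series"
+# in aide terms, with the lowest x being called the "LoSerMember" element
+# and the highest y being called the "HiSerMember" element, and the z
+# with x<z<y simple called "SerMember". The Lo and Hi members need to
+# be special cased in aide configuration.
+#
+#
+# This is an example of the normal life of a log named foo in a logrotate
+# configuration using a configuration at it is commonly used in Debian
+# (from old to new):
+#     1 logrotate deletes HiSerMember foo.{y}.gz
+#     2 logrotate rotates SerMember foo.{z-1}.gz to foo.{z}.gz for all
+#       z with 3<z<=y. This includes rotation of foo.{y-1}.gz to
+#       foo.{y}.gz and foo.2.gz to foo.3.gz
+#     3 logrotate compresses foo.1 to foo.2.gz, creating LoSerMember foo.2.gz
+#     4 logrotate rotates foo to foo.1 (a simple rename)
+#     5 logrotate creates new, empty foo
+#     6 foo daemon logs to foo - foo grows in size
+#
+# we need the following rules:
+# /var/log/foo$ f Log
+# /var/log/foo$ f FreqRotLog
+#    this takes care of the growing live log (step 7). The "Log" rule
+#    is appropriate for logs that are not rotated daily as rotation
+#    might be reported (if the file size has decreased since the last
+#    aide run). For daily rotated logs, the "FreqRotLog" may be more
+#    appropriate.
+# /var/log/foo\.1$ f LowLog
+#    this takes care of step 5.
+# /var/log/foo\.2\.gz$ f LoSerMemberLog
+#    this allows yet unknown new files to appear with a \.2\.gz extension,
+#    covering step 3.
+# /var/log/foo\.[3..y-1]\.gz$ f SerMemberLog
+#    this watches the log files as they wander through the Series,
+#    changing only their file name but not their contents or metadata,
+#    covering step 2.
+#    Please note that [3..y-1] needs to be a manually crafted regexp covering
+#    all numbers between 3 and y-1.
+# /var/log/foo\.y\.gz$ f HiSerMemberLog
+#    finally, the last element of the Series is allowed to vanish without
+#    being reported, covering step 1.
+#
+# Please note that these example rules need to be adapted to the logrotate
+# configuration for the log. Compression may be disabled or lead to a different
+# extension, the dateext option may be used, old logs might be held in a
+# different place, a log series does not necessarily need to be compressed etc.
+#
+# Please note that savelog rotates the live log to .0 and not to .1 as it
+# is logrotates (changeable) default.
+
+
+# Logs grow in size. Log rotation of these logs will be reported, so
+# this should only be used for logs that are not rotated daily.
+Log = OwnerMode+n+S+X
+
+# Logs that are frequently rotated
+FreqRotLog = Log-S
+
+# The first instance of a rotated log: After the log has stopped being
+# written to, but before rotation
+LowLog = Log-S
+
+# Rotated logs change their file name but retain all their other properties
+SerMemberLog  = Full+I
+
+# The first instance of a compressed, rotated log: After a LowLog was
+# compressed.
+LoSerMemberLog = SerMemberLog+ANF
+
+# The last instance of a compressed, rotated log: After this name, a log
+# will be removed
+HiSerMemberLog = SerMemberLog+ARF
+
+# Not-yet-compressed log created by logrotate's dateext option:
+# These files appear one rotation (renamed from the live log) and are gone
+# the next rotation (being compressed)
+LowDELog = SerMemberLog+ANF+ARF
+
+# Compressed log created by logrotate's dateext option: These files appear
+# once and are not touched any more.
+SerMemberDELog = Full+ANF
+
+# For daemons that log to a variable file name and have the live log
+# hardlinked to a static file name
+LinkedLog = Log-n
+
+@@x_include /etc/aide/aide.conf.d ^[a-zA-Z0-9_-]+$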
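Review bot: This file defines only attribute groups and the final `@@x_include /etc/aide/aide.conf.d` line; it contains no selection rules of its own, so which paths AIDE actually monitors is decided entirely by the `aide.conf.d` and `aide.settings.d` directories, and neither is part of this commit. A reader of the repository therefore cannot tell from this file whether `/etc/hosts` (the file the companion script tampers with) is covered at all. I would add a short header comment such as `# Copy of the stock Debian /etc/aide/aide.conf; all selection rules come from /etc/aide/aide.conf.d (not versioned here)` so the dependency is explicit, or commit the relevant rule file alongside it. The `database_in`/`database_out` paths also place the reference database on the monitored host itself, which the comment block does not mention; a note on where the accepted `aide.db` is kept and how it is protected from being rewritten would help whoever reuses this configuration.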